From d0e2362f7378cf5b526a1da447505a695409cedf Mon Sep 17 00:00:00 2001
From: Peter Rounce <peter@rounce.me.uk>
Date: Sat, 21 Feb 2026 17:52:50 +0000
Subject: [PATCH] Remove references to deleted /wipe and /pos/auth routes

Clean up stale route references after the priority refactorings commit:
- CLAUDE.md: remove /wipe from programmer endpoints, /pos/auth from
  rate limiting description
- Caddyfile: remove /pos/auth from rate-limited auth paths

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 CLAUDE.md | 4 ++--
 Caddyfile | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/CLAUDE.md b/CLAUDE.md
index 38bc1b5..1339497 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -68,7 +68,7 @@ docker exec -it card bash
 
 - **phoenix**: acinq/phoenixd:0.7.2 — Lightning node (384M memory)
 - **card**: Custom Go app — card service on `:8000` (192M memory, GOMEMLIMIT=150MiB). Has Docker healthcheck (HEAD / every 30s). Graceful shutdown on SIGTERM with 10s drain timeout. Includes `sqlite3` for database access.
-- **webproxy**: Custom Caddy build (via xcaddy with `caddy-ratelimit` plugin) — reverse proxy with auto-TLS, CORS, zstd compression, and rate limiting on auth endpoints (10 req/min per IP on `/admin/login/`, `/auth`, `/pos/auth`)
+- **webproxy**: Custom Caddy build (via xcaddy with `caddy-ratelimit` plugin) — reverse proxy with auto-TLS, CORS, zstd compression, and rate limiting on auth endpoints (10 req/min per IP on `/admin/login/`, `/auth`)
 
 All on internal `hubnet` bridge network. Card container mounts phoenix volume read-only for config access. `HOST_DOMAIN` is set in `.env` and shared with both card and webproxy containers via `env_file`. The Caddyfile uses `{$HOST_DOMAIN}` for the site address — no templating or init scripts needed.
 
@@ -89,7 +89,7 @@ Entry point: `main.go` → opens SQLite DB → runs CLI or starts HTTP server on
 
 - `/ln`, `/cb` — LNURL-withdraw protocol (NFC card tap → payment)
 - `/admin/` — Admin dashboard (cookie-based session auth)
-- `/new`, `/wipe` — Bolt Card Programmer endpoints
+- `/new` — Bolt Card Programmer endpoint
 - BoltCardHub API (`/create`, `/auth`, `/balance`, `/payinvoice`, etc.) — LndHub-compatible, feature-gated via `bolt_card_hub_api` setting
 - PoS API (`/pos/`) — Point-of-Sale subset of LndHub API, feature-gated via `bolt_card_pos_api` setting
 - `/websocket` — Real-time payment notifications
diff --git a/Caddyfile b/Caddyfile
index c9bbb40..92c969e 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -19,7 +19,7 @@ https://{$HOST_DOMAIN} {
 	}
 
 	@auth_paths {
-		path /admin/login/ /auth /pos/auth
+		path /admin/login/ /auth
 	}
 	handle @auth_paths {
 		rate_limit {